Phishing attacks continue to be a popular way for cybercriminals to go after American consumers' bank accounts through tricking them into giving up their logins and passwords.
Just more than 16,000 individual attacks were recorded worldwide in November 2010, according to RSA, the Security Division of EMC, a 5% increase over the month before.
But there's a new twist. "One of the latest types of phishing attacks to emerge is one that simultaneously targets the brands of multiple organizations through a single attack," the company said in its December report issued today, noting the proliferation of easy-to-use phishing software kits on the black market.
Tactics include distributing the attacks under the guise of important notices from tax collection agencies of different countries, using e-mails that also include a list of bank logos that invite the recipient to click and claim a tax refund.
Another scam that appears to be growing in popularity is phishing e-mails that look like customer satisfaction surveys from major consumer brands. They promise a monetary award to participants but ask for online banking credentials so the award can be credited.
American credit unions were the focus of 10% of attacks on financial institutions in both October and November, RSA said. Nationwide banks account for about 70% of the attacks, regional banks the rest.
And while international agents get the blame for much of the malware and Trojan attacks on U.S. financial institutions, RSA noted that about 64% of the phishing attacks it recorded were hosted in the United States. Canada was second at 7%. Russia was the host for only 2.5%.